dissection of a Cyber-Espionage attack
cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack
Patient Zero
How the victim discovers the problem
The diplomatic representation in Addis Ababa is composed of a few military personnel and several diplomats, who connect to the Internet from public networks through the standard VPN service (transiting through the Base). On that path, nobody noticed the strange connections to the external C2s, which repeated each day.
But for a specific task, the owner of the infected laptop used a connection from a military outpost, tightly regulated in access time and permissions.
Once connected, the computer attempted to beacon to the C2s, and the local network operator identified the strange traffic and reported it to his superiors.
The alert escalated to the Army regiment, which started to investigate.
The analysis performed followed the traditional practice.
#RSAC